Question 1

Which of the following is not an example of a computer used as an instrument of crime?

Accepted Answer

A)  theft of trade secrets 
B)  intentionally attempting to intercept electronic communication 
C)  unauthorized copying of software 
D)  breaching the confidentiality of protected computerized data 
E)  schemes to defraud 
A)  theft of trade secrets 
B)  intentionally attempting to intercept electronic communication 
C)  unauthorized copying of software 
D)  breaching the confidentiality of protected computerized data 
E)  schemes to defraud D

Question 2

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.

Accepted Answer

A)  DDoS 
B)  DoS 
C)  SQL injection 
D)  phishing 
E)  botnet 
A)  DDoS 
B)  DoS 
C)  SQL injection 
D)  phishing 
E)  botnet A

Question 3

DoS attacks are used to destroy information and access restricted areas of a company's information system.

Accepted Answer

A) True 
 B)False  False

Question 4

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

Accepted Answer

A)  Identity theft 
B)  Spoofing 
C)  Social engineering 
D)  Evil twins 
E)  Pharming 
A)  Identity theft 
B)  Spoofing 
C)  Social engineering 
D)  Evil twins 
E)  Pharming

Question 5

The Gramm-Leach-Bliley Act

Accepted Answer

A)  requires financial institutions to ensure the security of customer data. 
B)  specifies best practices in information systems security and control. 
C)  imposes responsibility on companies and management to safeguard the accuracy of financial information. 
D)  outlines medical security and privacy rules. 
E)  identifies computer abuse as a crime and defines abusive activities. 
A)  requires financial institutions to ensure the security of customer data. 
B)  specifies best practices in information systems security and control. 
C)  imposes responsibility on companies and management to safeguard the accuracy of financial information. 
D)  outlines medical security and privacy rules. 
E)  identifies computer abuse as a crime and defines abusive activities.

Question 6

Evil twins are

Accepted Answer

A)  Trojan horses that appears to the user to be a legitimate commercial software application. 
B)  e-mail messages that mimic the e-mail messages of a legitimate business. 
C)  fraudulent Web sites that mimic a legitimate business's Web site. 
D)  computers that fraudulently access a Web site or network using the IP address and identification of an authorized computer. 
E)  bogus wireless network access points that look legitimate to users. 
A)  Trojan horses that appears to the user to be a legitimate commercial software application. 
B)  e-mail messages that mimic the e-mail messages of a legitimate business. 
C)  fraudulent Web sites that mimic a legitimate business's Web site. 
D)  computers that fraudulently access a Web site or network using the IP address and identification of an authorized computer. 
E)  bogus wireless network access points that look legitimate to users.

Question 7

In a client/server environment, corporate servers are specifically vulnerable to

Accepted Answer

A)  unauthorized access. 
B)  sniffing. 
C)  malware. 
D)  radiation. 
E)  tapping. 
A)  unauthorized access. 
B)  sniffing. 
C)  malware. 
D)  radiation. 
E)  tapping.

Question 8

How do software vendors correct flaws in their software after it has been distributed?

Accepted Answer

A)  They issue bug fixes. 
B)  They issue patches. 
C)  They re-release the software. 
D)  They release updated versions of the software. 
E)  They don't; users purchase software at their own risk. 
A)  They issue bug fixes. 
B)  They issue patches. 
C)  They re-release the software. 
D)  They release updated versions of the software. 
E)  They don't; users purchase software at their own risk.

Question 9

Wireless networks are more difficult for hackers to gain access too because radio frequency bands are difficult to scan.

Accepted Answer

A) True 
 B)False

Question 10

The communications lines in a client/server environment are specifically vulnerable to

Accepted Answer

A)  vandalism. 
B)  malware. 
C)  software failure. 
D)  tapping. 
E)  errors. 
A)  vandalism. 
B)  malware. 
C)  software failure. 
D)  tapping. 
E)  errors.

Question 11

The Sarbanes-Oxley Act

Accepted Answer

A)  requires financial institutions to ensure the security of customer data. 
B)  specifies best practices in information systems security and control. 
C)  imposes responsibility on companies and management to safeguard the accuracy of financial information. 
D)  outlines medical security and privacy rules. 
E)  identifies computer abuse as a crime and defines abusive activities. 
A)  requires financial institutions to ensure the security of customer data. 
B)  specifies best practices in information systems security and control. 
C)  imposes responsibility on companies and management to safeguard the accuracy of financial information. 
D)  outlines medical security and privacy rules. 
E)  identifies computer abuse as a crime and defines abusive activities.

Question 12

Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.

Accepted Answer

A) True 
 B)False

Question 13

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

Accepted Answer

A) True 
 B)False

Question 14

Explain how an SQL injection attack works and what types of systems are vulnerable to this type of attack.

Accepted Answer

SQL injection attacks take advantage of

Question 15

________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

Accepted Answer

A)  Stateful inspections 
B)  Intrusion detection systems 
C)  Application proxy filtering technologies 
D)  Packet filtering technologies 
E)  Firewalls 
A)  Stateful inspections 
B)  Intrusion detection systems 
C)  Application proxy filtering technologies 
D)  Packet filtering technologies 
E)  Firewalls

Question 16

Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.

Accepted Answer

A) True 
 B)False

Question 17

You have just been hired as a security consultant by MegaMalls Inc., a national chain of retail malls, to make sure that the security of their information systems is up to par. Outline the steps you will take to achieve this.

Accepted Answer

(1) Establish what data and processes ar

Question 18

Smaller firms may outsource some or many security functions to

Accepted Answer

A)  ISPs. 
B)  MISs. 
C)  MSSPs. 
D)  CAs. 
E)  PKIs. 
A)  ISPs. 
B)  MISs. 
C)  MSSPs. 
D)  CAs. 
E)  PKIs.

Question 19

________ is malware that logs and transmits everything a user types.

Accepted Answer

A)  Spyware 
B)  A Trojan horse 
C)  A keylogger 
D)  A worm 
E)  A sniffer 
A)  Spyware 
B)  A Trojan horse 
C)  A keylogger 
D)  A worm 
E)  A sniffer

Question 20

An acceptable use policy defines the acceptable level of access to information assets for different users.

Accepted Answer

A) True 
 B)False

Which of the following is not an example of a computer used as an instrument of crime?

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.

DoS attacks are used to destroy information and access restricted areas of a company's information system.

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

The Gramm-Leach-Bliley Act

Evil twins are

In a client/server environment, corporate servers are specifically vulnerable to

How do software vendors correct flaws in their software after it has been distributed?

Wireless networks are more difficult for hackers to gain access too because radio frequency bands are difficult to scan.

The communications lines in a client/server environment are specifically vulnerable to

The Sarbanes-Oxley Act

Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

Explain how an SQL injection attack works and what types of systems are vulnerable to this type of attack.

________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.

You have just been hired as a security consultant by MegaMalls Inc., a national chain of retail malls, to make sure that the security of their information systems is up to par. Outline the steps you will take to achieve this.

Smaller firms may outsource some or many security functions to

________ is malware that logs and transmits everything a user types.

An acceptable use policy defines the acceptable level of access to information assets for different users.

Information Systems in Global Business Today

Global E-Business and Collaboration

Information Systems, Organizations, and Strategy

Ethical and Social Issues in Information Systems

It Infrastructure and Emerging Technologies

Foundations of Business Intelligence: Databases and Information Management

Telecommunications, the Internet, and Wireless Technology

Achieving Operational Excellence and Customer Intimacy: Enterprise Applications

E-Commerce: Digital Markets, Digital Goods

Managing Knowledge

Enhancing Decision Making

Building Information Systems

Managing Projects

Managing Global Systems

Filters

Exam 8: Securing Information Systems

Which of the following is not an example of a computer used as an instrument of crime?

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.

DoS attacks are used to destroy information and access restricted areas of a company's information system.

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

The Gramm-Leach-Bliley Act

Evil twins are

In a client/server environment, corporate servers are specifically vulnerable to

How do software vendors correct flaws in their software after it has been distributed?

Wireless networks are more difficult for hackers to gain access too because radio frequency bands are difficult to scan.

The communications lines in a client/server environment are specifically vulnerable to

The Sarbanes-Oxley Act

Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

Explain how an SQL injection attack works and what types of systems are vulnerable to this type of attack.

________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.

You have just been hired as a security consultant by MegaMalls Inc., a national chain of retail malls, to make sure that the security of their information systems is up to par. Outline the steps you will take to achieve this.

Smaller firms may outsource some or many security functions to

________ is malware that logs and transmits everything a user types.

An acceptable use policy defines the acceptable level of access to information assets for different users.

Information Systems in Global Business Today

Global E-Business and Collaboration

Information Systems, Organizations, and Strategy

Ethical and Social Issues in Information Systems

It Infrastructure and Emerging Technologies

Foundations of Business Intelligence: Databases and Information Management

Telecommunications, the Internet, and Wireless Technology

Achieving Operational Excellence and Customer Intimacy: Enterprise Applications

E-Commerce: Digital Markets, Digital Goods

Managing Knowledge

Enhancing Decision Making

Building Information Systems

Managing Projects

Managing Global Systems

Filters